Custom RBAC - Can I Do That?
2. What is RBAC?
How does OpenStack implement RBAC?
Customizing RBAC in your deployment
The future of access control
4. RBAC is a method of regulating access to an object based on the roles of individual users
5. What is RBAC?
Permissions are attached to predefined roles
Roles are assigned to users or groups
Roles are evaluated with request context
8. What is RBAC?
How does OpenStack implement RBAC?
Customizing RBAC in your deployment
The future of access control
9. How does OpenStack implement RBAC?
Attaching permissions to roles
Assigning roles to users
Evaluating requests
16. What is RBAC?
How does OpenStack implement RBAC?
Customizing RBAC in your deployment
The future of access control
17. Customizing RBAC in your deployment
Finding policy settings
Policy syntax
Choosing which role to customize
Selecting which policy to customize
21. "!" # none
"@" # any
"" # any
"<context_attr>:<target_attr>" # match
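Added example (not from the slides and not oslo.policy's own code): a simplified evaluator for the four check forms listed above, run against a constructed request context and target. The names evaluate, CREDS, OWNED and FOREIGN are illustrative; writing the target attribute as %(name)s follows oslo.policy's convention, and failing closed on an unknown form or a missing attribute is a choice of this sketch.

```python
# Simplified model of the check forms on the slide; not oslo.policy code.
import re

_TEMPLATE = re.compile(r"^%\((\w+)\)s$")  # matches %(name)s


def evaluate(check, creds, target):
    """Return True if a single check string allows the request.

    creds  -- attributes of the caller (the request context)
    target -- attributes of the object being acted on
    """
    check = check.strip()
    if check == "!":                 # none: always deny
        return False
    if check in ("@", ""):           # any: always allow
        return True
    if ":" not in check:
        return False                 # unknown form: fail closed
    left, right = check.split(":", 1)
    if left not in creds:
        return False                 # caller lacks the attribute: deny
    m = _TEMPLATE.match(right)
    if m:                            # right side names a target attribute
        if m.group(1) not in target:
            return False             # target lacks the attribute: deny
        expected = target[m.group(1)]
    else:                            # right side is a literal value
        expected = right
    return str(creds[left]) == str(expected)


# Constructed sample data (assumed attribute names)
CREDS = {"user_id": "u-1", "project_id": "p-alpha", "is_admin": False}
OWNED = {"project_id": "p-alpha"}    # resource in the caller's project
FOREIGN = {"project_id": "p-beta"}   # resource in another project

if __name__ == "__main__":
    for chk in ("!", "@", "", "project_id:%(project_id)s", "is_admin:True"):
        print(repr(chk), evaluate(chk, CREDS, OWNED), evaluate(chk, CREDS, FOREIGN))
```

The "@" and "" forms allow the request even for the target in another project, so an empty rule in a policy file is an open rule, not a disabled one.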
23. Customizing RBAC in your deployment
Finding policy settings
Policy syntax
Choosing which role to customize
Selecting which policy to customize
31. <your_thing> # do whatcha wanna do
Issues:
1. Qualify as “member”
2. Hardcoded admin checks
32. Customizing RBAC in your deployment
Finding policy settings
Policy syntax
Choosing which role to customize
Selecting which policy to customize
34. Multiple APIs can be protected with one policy
One API can be protected with multiple policies
One API can call another API
36. What is RBAC?
How does OpenStack implement RBAC?
Customizing RBAC in your deployment
The future of access control